VYPR

Vendor CVEs

Omron

All CVEs

73 total · sorted by risk
  • CVE-2022-33208Jul 4, 2022
    risk 0.00cvss epss 0.02

    Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier,…

  • CVE-2022-26419Apr 1, 2022
    risk 0.00cvss epss 0.02

    Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code.

  • CVE-2022-26022Apr 1, 2022
    risk 0.00cvss epss 0.01

    Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code.

  • CVE-2022-26417Apr 1, 2022
    risk 0.00cvss epss 0.01

    Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code.

  • CVE-2022-25959Apr 1, 2022
    risk 0.00cvss epss 0.01

    Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code.

  • CVE-2022-25325Mar 7, 2022
    risk 0.00cvss epss 0.01

    Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different…

  • CVE-2022-21219Mar 7, 2022
    risk 0.00cvss epss 0.01

    Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.

  • CVE-2022-21137Jan 14, 2022
    risk 0.00cvss epss 0.09

    Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code.

  • CVE-2021-27413May 13, 2021
    risk 0.00cvss epss 0.10

    Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

  • CVE-2020-27257Feb 9, 2021
    risk 0.00cvss epss 0.02

    This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices.

  • CVE-2020-27261Feb 9, 2021
    risk 0.00cvss epss 0.08

    The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2020-27259Feb 9, 2021
    risk 0.00cvss epss 0.03

    The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2019-18261Dec 16, 2019
    risk 0.00cvss epss 0.01

    In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to…

  • CVE-2019-18259Dec 16, 2019
    risk 0.00cvss epss 0.02

    In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands.

  • CVE-2019-6556Apr 10, 2019
    risk 0.00cvss epss 0.01

    When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the…

  • CVE-2018-16207Mar 27, 2019
    risk 0.00cvss epss 0.01

    PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors.

  • CVE-2018-19027Jan 30, 2019
    risk 0.00cvss epss 0.01

    Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

  • CVE-2018-18989Dec 4, 2018
    risk 0.00cvss epss 0.02

    In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit…

  • CVE-2015-1015Oct 6, 2015
    risk 0.00cvss epss 0.00

    Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a file.

  • CVE-2015-0988Oct 6, 2015
    risk 0.00cvss epss 0.00

    Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file.

  • CVE-2014-2370Jul 24, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data.

  • CVE-2014-2369Jul 24, 2014
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2013-2301Mar 29, 2013
    risk 0.00cvss epss 0.01

    The OMRON OpenWnn application before 1.3.6 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem.

Page 2 of 2